Lucene search
K

ZTE AC3633R Authentication Bypass / Denial Of Service

🗓️ 19 May 2015 00:00:00Reported by vishnu rajuType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 31 Views

ZTE AC3633R authentication bypass and denial of service vulnerabilit

Code
`Greetings from vishnu (@dH4wk)  
  
1. Vulnerable Product Version  
  
- ZTE AC3633R (MTS Ultra Wifi Modem)  
  
2. Vulnerability Information  
  
(A) Authentication Bypass  
Impact: Attacker gains administrative access  
Remotely Exploitable: UNKNOWN  
Locally Exploitable: YES  
  
(B) Device crash which results in reboot  
Impact: Denial of service, The crash may lead to RCE locally thus  
attaining root privilege on the device  
Remotely Exploitable: UNKNOWN  
Locally Exploitable: YES  
  
3. Vulnerability Description  
  
(A) The administrative authentication mechanism of the modem can be  
bypassed by feeding with a string of 121 characters in length, either in  
username or password field.  
  
(B) A crash causes the modem to restart. This is caused when either of  
the password or username fields are fed with an input of 130 characters  
or above.  
  
[Note: If username is targeted for exploitation, then password field shall  
be fed with minimum 6 characters (any characters) and vice versa ]  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation